With ransomware attackers having already launched attack code with themes ranging from Pokémon Go and horror movies to Hitler and cats, it was only a matter of time before they decided to beam Star Trek's Captain James T. Kirk direct to would-be victims' PCs.

Victims will know their PC has been encrypted by the ransomware in part because their files will have ".kirked" added as an extension, Kroustek says, noting that the attack code is designed to encrypt 625 different types of file extensions, "even Solitaire save games."

The Kirk ransomware ransom note says that anyone who pays to recover their files will receive, appropriately enough, a Spock decryptor.

Some would-be users might not be old enough to remember LOIC's 2010 debut, when the Anonymous collective began urging people to take up digital arms as part of the pro-WikiLeaks "Operation Payback," in part by downloading and aiming LOIC at sites run by such organizations as MasterCard, PayPal and Visa. Many LOIC users, however, apparently didn't realize that the tool wasn't designed to mask their IP addresses, which many of the victim organizations duly recorded. These packet-capture logs got shared with law enforcement agencies and arrests of alleged users shortly ensued.

Attacker Seeks Monero

Unusually, the Kirk ransomware seeks payment via a type of cryptocurrency known as Monero. The ransom note demands 50 monero, currently worth about $1,200, to decrypt all files. If users don't pay within 48 hours, it begins increasing the ransom demand. "In 31 days your password decryption key gets permanently deleted," it warns.

If executed, the ransomware begins encrypting 625 different file types on a victim's PC while masquerading as LOIC. Source: Jakub Kroustek

Monero, aka XMR, claims to be more private and difficult to trace than bitcoin. Monero got a boost last year, when the operators of the darknet marketplace Alphabay announced on Reddit that as of Sept. 1, 2016, they would begin allowing Monero deposits and withdrawals.

"Following the demand from the community, and considering the security features of Monero, we decided to add it to our marketplace," they wrote.


Don't Count on Spock

The Kirk ransomware ransom note ends: "Live long and prosper."

But security experts and law enforcement agencies recommend that, whenever possible, victims shouldn't help ransomware attackers prosper. In particular, they advocate never paying ransoms, because paying incentivizes attackers to continue their cybercrime research and development.

About the Author

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.